The multipart processor in ModSecurity prior to 2.5.9 allows remote malicious users to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trustwave modsecurity |
||
fedoraproject fedora 9 |
||
fedoraproject fedora 10 |